Remove LE Intermediate Certs - PHISHING


#1

What certificates do I need to remove from my machine to remove access to LE SSL encrypted sites? I do not want access or I want warnings about SSL Errors for LE sites. The number of PHISHING SSL certs issued through LE is very concerning and I’d like to know exactly what intermediate certs to invalidate. Thanks, PW


#2

Hi @HighOctaneATX,

All of the Let’s Encrypt intermediates are published at

https://letsencrypt.org/certificates/

You can tell your user-agent to distrust these intermediates if you like. So far Let’s Encrypt issuance has occurred under Let’s Encrypt Authority X1 and Let’s Encrypt Authority X3. Future intermediates will also be published at the same location.


#3

Note that distrusting Let’s Encrypt certificates will probably cause many non-phishing sites to break, and will not have a significant impact on your susceptibility to phishing. Here are the steps I’d recommend to defend against phishing:

  • Use Safe Browsing or Smart Screen. This will block sites that have been reported for phishing, malware, or unwanted software. Safe Browsing is on by default in Chrome, Firefox, and Safari. For Internet Explorer, you may need to enable Smart Screen.
  • Use a password manager with autofill. This will help prevent you from typing your password into the wrong site.
  • Use two-factor authentication, ideally with a security key. This will provide a second piece of information in addition to your password that is harder to phish.

Thanks,
Jacob


#4

Do you have any proof of this claim?


#5

I think the original question has been answered (and appreciate @jsha’s practical anti-phishing advice), so I suggest moving discussion of Let’s Encrypt’s policy and practice in this regard to the existing thread at


#6